We are regularly involved in litigation. • We are regularly involved in litigation, either as a plaintiff or defendant. These cases could result in an unfavourable resolution and could have a material adverse effect on our results of operations and financial condition. For further discussion of legal proceedings refer to note 19 of the 2022 Annual Consolidated Financial Statements. We are exposed to investors trying to profit from short positions in our stock. • Short-sellers seek to profit from a decline in the price of our common shares. Through their actions and public statements, they may encourage the decline in price from which they profit and may encourage others to take short positions in our shares. The existence of such short positions and the related publicity may lead to continued volatility in our common share price. System failures or events that impact our facilities may disrupt business operations. • Technology is used in virtually all aspects of our business and operations; in addition, part of our strategy involves the expansion of technology to directly serve our customers. An interruption in the service of our technology resulting from system failure, cyber-attack, human error, natural disaster, human-made disaster, pandemic, or other unpredictable events beyond reasonable control could prevent us from effectively operating our business. We rely on the internet in order to conduct business and may be adversely impacted by outages in critical infrastructure such as electric grids, undersea cables, satellites or other communications used by us or our third parties. • While our facilities and operations are distributed across the globe, we can experience extreme weather, natural disasters, civil unrest, human-made disasters, power outages, pandemic, and other events which can prevent access to, and operations within, the facilities for our employees, partners, and other parties that support our business operations. • We take measures to plan, structure and protect against routine events that may impact our operations, and maintain plans to recover from unpredictable events. The experience learned from COVID-19 has stress tested these plans and has resulted in strengthening our continuity plans. For further information, see “Pandemic risk and potential implications of COVID-19” below. An interruption to our operations may subject us to regulatory sanctions and legal claims, lead to a loss of customers, assets and revenues, or otherwise adversely affect us from a financial, operational and reputational perspective. An information security or privacy breach of our operations or of a related third party could adversely impact our business, results of operations, financial condition, and reputation. • It is possible that the Company may not be able to anticipate or to implement effective preventive measures against all disruptions or privacy and security breaches, especially because the techniques used change frequently, generally increase in sophistication, often are not recognized until launched, and because cyber-attacks can originate from a wide variety of sources, including organized crime, hackers, terrorists, activists, and other parties, including parties sponsored by hostile foreign governments. Those parties may also attempt to fraudulently induce employees, customers, and other users of the Company’s systems or third-party service providers to disclose sensitive information in order to gain access to the Company’s data or that of its customers or clients. We, our customers, regulators and other third parties have been subject to, and are likely to continue to be the target of, cyber-attacks, including computer viruses, malicious or destructive code, phishing attacks, denial of service and other security incidents, that could result in the unauthorized release, gathering, monitoring, misuse, loss or destruction of personal, confidential, proprietary and other information of the Company, our employees, our customers or of third parties, or otherwise materially disrupt our or our customers’ or other third parties’ network access or business operations. These attacks could adversely impact us from a financial, operational and reputational perspective. • The Company maintains an Information Risk Management Program, which includes information and cyber security defenses, to protect our networks and systems from attacks; however, there can be no assurance that these counter measures will be successful in every instance in protecting our networks against advanced attacks. In addition to protection, detection and response mechanisms, the Company maintains cyber risk insurance, but this insurance may not cover all costs associated with the financial, operational and reputational consequences of personal, confidential or proprietary information being compromised. Model risk may arise from the inappropriate use or interpretation of models or their output, or the use of deficient models, data or assumptions. • We rely on highly complex models for pricing, valuation and risk measurement, and for input on decision making. Consequently, the risk of inappropriate use or interpretation of our models or their output, or the use of deficient models, could have a material adverse effect on our business. Fraud risks may arise from incidents related to identity theft and account takeovers. • Fraud incidents could adversely impact our business, results of operations, financial condition and reputation. Policies and procedures are in place and seek to protect against ever-evolving fraud threats. However, we may nevertheless not be able to prevent and detect all fraud incidents. Contracted third parties may fail to deliver against contracted activities. • We rely on third parties to perform a variety of activities on our behalf, and failure of our most significant third parties to meet their contracted obligations may impact our ability to meet our strategic objectives or may directly impact our customers. Vendor governance processes are in place that seek to ensure that appropriate due diligence is conducted at time of vendor contracting, and ongoing vendor monitoring activities are in place that seek to ensure that the contracted services are being fulfilled to satisfaction, but we may nevertheless not be able to mitigate all possible failures. 81